grsecurity privilege escalation updated since 12.01.2007
Published:		20.01.2007
Source:		BUGTRAQ
SecurityVulns ID:		7045
Type:		local
Level:		7/10
Description:		Privilege escalation with expand_stack().

Affected:		GRSECURITY : grsecurity 2.1
CVE:		CVE-2007-0257 (** DISPUTED ** Unspecified vulnerability in the expand_stack function in grsecurity PaX allows local users to gain privileges via unspecified vectors. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven. As of 20070120, the original researcher has released demonstration code.)
		CVE-2007-0253 (** DISPUTED ** Unspecified vulnerability in the grsecurity patch has unspecified impact and remote attack vectors, a different vulnerability than the expand_stack vulnerability from the Digital Armaments 20070110 pre-advisory. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven.)

Original document		info_(at)_digitalarmaments.com, Digital Armaments Security Advisory 20.01.2007: Grsecurity Kernel PaX Vulnerability (20.01.2007)
		info_(at)_digitalarmaments.com, Digital Armaments Security Pre-Advisory 11.01.2007: Grsecurity Kernel PaX - Local root vulnerability (12.01.2007)

Discuss:

Read or add your comments to this news (0 comments)